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AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

1 . (Currently Amended) A method for addressing packets in a firewall cluster 
including a plurality of firewall nodes , the method comprising: 

selecting one of the firewall nodes for processing a first packet: 
receiving, at a first processor associated with the selected firewall node , [[a]] the 
first packet; 

determining , by the first processor, as a function of a multidimensional space for 
representing addresses processed by a set of data processors, a first address for the 

first packet; and 

forwarding the first packet based on the determined first address. 

2. (Original) The method of claim 1 , further comprising: 
using an N-tuple space as the multidimensional space. 

3. (Original) The method of claim 2, further comprising: 
assigning to the first processor a first region based on the N-tuple space. 

4. (Original) The method of claim 3, further comprising: 

using the first address, such that the first address represents a point within the 
first region. 
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5. (Original) The method of claim 4, further comprising: 

using N address values as the N-tuple, such that the N address values represent 

the point. 

6. (Original) The method of claim 2, further comprising: 

using the N-tuple space, such that N is equal to a value of at least two. 

7. (Original) The method of claim 3, further comprising: 

assigning to a second processor a second region based on the N-tuple space, 
such that the first region is separate from the second region. 

8. (Original) The method of claim 7, further comprising: 

fonwarding, at the second processor, a second packet with a second address 
determined based on the second region, such that the second packet does not conflict 
with the first packet. 

9. (Original) The method of claim 7, further comprising: 

fonwarding, at the second processor, a second packet with a second address 
determined based on the second region, such that the second address does not conflict 
with the first address. 
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1 0. (Currently Amended) A metliod for addressing packets associated with a- 
s e t of a plurality of processors , each processor being associated with one of a plurality 
of firewall nodes in a firewall cluster , the method comprising: 

selecting one of the firewall nodes for processing a packet, the selected firewall 
node including a first processor: 

receiying, at the first processor, the a first ono of tho processors, a packet; 

reading, at the first processor, an N-tuple address of the received packet; 

determining , bv the first processor, whether the N-tuple address is within an 
N-tuple space assigned to the first processor; 

sending the packet with the N-tuple address, when it is determined that the N- 
tuple address is within the N-tuple space assigned to the first processor; and 

determining a modified N-tuple address, when it is determined that the N-tuple 
address is not within the N-tuple space assigned to the first processor and sending the 
packet with the modified N-tuple address. 

1 1 . (Original) The method of claim 10, wherein the reading step further 
comprises: 

reading as the N-tuple address, a plurality of values from the received packet. 

12. (Original) The method of claim 1 1 , wherein the reading step further 
comprises: 

reading at least a source port. 
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13. (Original) The method of claim 10, wherein the step of determining 
whether the N-tuple address Is within the N-tuple space, further comprises: 

determining whether the N-tuple address is within the N-tuple space based on a 
comparison between the N-tuple address of the packet and the N-tuple space assigned 
to the first processor. 

14. (Original) The method of claim 10, wherein the step of determining 
whether the N-tuple address is within the N-tuple space, further comprises: 

determining whether the N-tuple address of the packet is within the N-tuple 
space based a quadrant identifier value, wherein the quadrant identifier value 
corresponds to the first processor. 

15. (Original) The method of claim 14, wherein the step of determining 
whether the N-tuple address of the packet is within the N-tuple space, further 
comprises: 

determining the quadrant identifier value based on a hash function. 

16. (Original) The method of claim 14, wherein the step of determining 
whether the N-tuple address of the packet is within the N-tuple space, further 

comprises: 

determining the quadrant identifier value based on a hash function and a modulo 
division. 
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17. (Original) The method of claim 10, wherein the step of determining the 
modified N-tuple further comprises: 

adding a value to the N-tuple address, such that the modified N-tuple address is 
within the N-tuple space assigned to the first processor. 

1 8. (Original) The method of claim 14, wherein the step of determining the 
modified N-tuple address further comprises: 

modifying the N-tuple address based on the quadrant identifier value. 

1 9. (Original) The method of claim 10, wherein the step of sending the packet 
with the N-tuple address, further comprises: 

sending the packet with the N-tuple address, such that the packet does not 
conflict with another N-tuple address associated with a second one of the processors. 

20. (Cancelled). 

21 . (Original) The method of claim 1 0, further comprising: 
using a computer as the first processor. 

22. (Original) The method of claim 10, further comprising: 
using a router as the first processor. 

23. (Cancelled). 
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24. (Currently Amended) A method of addressing packets in a firewall cluster, 
wherein the firewall cluster comprises a set of processors , each processor being 
associated with a firewall node , the method comprising: 

selecting one of the firewall nodes for processing a packet, the selected firewall 
node including a first processor; 

receiving, at [[a]] the first processor one of tho procossors , [[a]] the packet; 

reading, at the first processor, an N-tuple address of the received packet; 

determining a quadrant identifier based on the read N-tuple address, a hash 
function, and modulo division; 

determining whether the read N-tuple address corresponds to the first processor 
based on the quadrant identifier; 

sending the packet with the N-tuple address, when the quadrant identifier 
corresponds to the first processor; and 

determining a modified N-tuple address, when the quadrant identifier does not 
corresponds to the first processor and sending the packet with the modified N-tuple 
address. 

25. (Original) The method of claim 24, further comprising: 
assigning each of the set of processors a firewall node number. 

26. (Original) The method of claim 25, further comprising: 



-7- 



U.S. Application No. 10/712,396 
Attorney Docket No. 08971 .0005 

determining wliether the N-tupie address corresponds to the first processor 

based on the quadrant identifier and the firewall node number. 

27. (Currently Amended) A system for addressing packets in a firewall cluster 
including a plurality of firewall nodes , the method comprising: 

means for selecting one of the firewall nodes for processing a first packet: 
means for receiving, at a first processor associated with the selected firewall 

node , [[a]] the first packet; 

means for determining as a function of a multidimensional space for representing 

addresses processed by a set of data processors, a first address for the first packet; 

and 

means for fonwarding the first packet based on the determined first address. 

28. (Currently Amended) A system for addressing packets associated with 
one or more processors , each processor being associated with a firewall node in a 
firewall cluster , the system comprising: 

means for selecting one of the firewall nodes for processing a packet, the 
selected firewall node including a first processor; 

means for receiving, at the first processor a f i rst ono of tho processors , [[a]] the 
packet; 

means for reading, at the first processor, an N-tuple address of the received 
packet; 
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means for determining whetlier tlie N-tuple address is witfiin an N-tuple space 
assigned to the first processor; 

means for sending tlie packet witli the N-tuple address, when it is determined 
that the N-tuple address is within the N-tuple space assigned to the first processor; and 

means for determining a modified N-tuple address, when it is determined that the 
N-tuple address is not within the N-tuple space assigned to the first processor and 
sending the packet with the modified N-tuple address. 

29. (Currently Amended) A firewall cluster including one or more firewall 
nodes associated with one or more processors, comprising: 

means for selecting one of the firewall nodes for processing a packet, the 
selected firewall node including a first processor: 

means for receiving, at the first processor a f i rct ono of a sot of prooossors , [[a]] 
the packet; 

means for reading, at the first processor, an N-tuple address of the received 
packet; 

means for determining a quadrant identifier based on the read N-tuple address, a 
hash function, and modulo division; 

means for determining whether the read N-tuple address corresponds to the first 
processor based on the quadrant identifier; 

means for sending the packet with the N-tuple address, when the quadrant 
identifier corresponds to the first processor; and 
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means for determining a modified N-tuple address, wlien tine quadrant identifier 

does not corresponds to tlie first processor and sending tlie pacl^et with the modified 

N-tuple address. 

30. (Currently Amended) A system including a firewall cluster with a plurality 
of firewall nodes, the firewall nodes being associated with one or more processors , said 
system comprising: 

at least one memory comprising: 

code that selects one of the firewall nodes for processing a first 
packet, the selected firewall node including a first processor: 

code that receives, at [[a]] the first processor, [[a]] the first packet; 

code that determines as a function of a multidimensional space for 
representing addresses processed by a set of data processors, a first 
address for the first packet; and 

code that fonwards the first packet based on the determined first 
address; and 
at least one processor for executing the code. 

31 . (Currently Amended) A system including a firewall cluster with a plurality 
of firewall nodes, the firewall nodes being associated with one or more processors , the. 
system comprising: 

at least one memory comprising 
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code that selects one of the firewall nodes for processing a packet, 
the selected firewall node including a first processor: 

code that receives, at the first processor a first one of th e 
procossors , [[a]] the packet; 

code that reads reading , at the first processor, an N-tuple address 
of the received packet; 

code that deternfiines whether the N-tuple address is within an N- 
tuple space assigned to the first processor; 

code that sends the packet with the N-tuple address, when it is 
determined that the N-tuple address is within the N-tuple space assigned 
to the first processor; and 

code that determines a modified N-tuple address, when it is 
determined that the N-tuple address Is not within the N-tuple space 
assigned to the first processor and sending the packet with the modified 
N-tuple address; and 
at least one processor for executing the code. 

32. (Original) The system of claim 31 , wherein code that reads further 
comprises: 

code that reads as the N-tuple address, a plurality of values from the received 
packet. 
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33. (Original) The system of claim 32, wherein code that reads the plurality of 
values further comprises: 

code that reads at least a source port. 

34. (Original) The system of claim 31 , wherein code that determines whether 
the N-tuple address is within the N-tuple space, further comprises: 

code that determines whether the N-tuple address is within the N-tuple space 
based a comparison between the N-tuple address of the packet and the N-tuple space 
assigned to the first processor. 

35. (Original) The system of claim 31 , wherein code that determines whether 
the N-tuple address is within the N-tuple space, further comprises: 

code that determines whether the N-tuple address of the packet is within the N- 
tuple space based a quadrant identifier value, wherein the quadrant identifier 
corresponds to the first processor. 

36. (Original) The system of claim 35 wherein code that determines whether 
the N-tuple address of the packet is within the N-tuple space, further comprises: 

code that determines the quadrant identifier value based on a hash function. 

37. (Currently Amended) A firewall cluster including a plurality of firewall 
nodes, the firewall nodes being associated with one or more processors, the firewall 
cluster comprising: 
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at least one memory comprising 

code that selects one of the firewall nodes for processing a packet, 
the selected firewall node including a first processor; 

code that receives, at the first processor a first ono of a sot of 
proc ess or s, [[a]] the packet; 

code that reads, at the first processor, an N-tuple address of the 
received packet; 

code that determines a quadrant identifier based on the read 
N-tuple address, a hash function, and modulo division; 

code that determines whether the read N-tuple address 
corresponds to the first processor based on the quadrant identifier; 

code that sends the packet with the N-tuple address, when the 
quadrant identifier corresponds to the first processor; and 

code that determines a modified N-tuple address, when the 
quadrant identifier does not corresponds to the first processor and sends 
the packet with the modified N-tuple address; and 
at least one processor for executing the code. 

38. (Currently Amended) A computer-readable medium comprising 
instructions which, when executed by a processor, perform a method in a firewall cluster 
including a pluralitv of firewall nodes, the method including computer program product, 
tho computer program product comprising codo for implomonting tho stops of : 
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selecting one of the firewall nodes for processing a packet, the selected firewall 
node being associated with a first processor; 

receiving, at the first processor a first one of a s e t of proc e ssors , [[a]] the packet; 

reading, at the first processor, an N-tuple address of the received packet; 

determining whether the N-tuple address is within an N-tuple space assigned to 
the first processor; 

sending the packet with the N-tuple address, when it is determined that the 
N-tuple address is within the N-tuple space assigned to the first processor; and 

determining a modified N-tuple address, when it is determined that the N-tuple 
address is not within the N-tuple space assigned to the first processor and sending the 
packet with the modified N-tuple address. 

39. (Currently Amended) The computer-readable medium computor program 
product of claim 38, wherein reading further comprises: 

reading as the N-tuple address, a plurality of values from the received packet. 

40. (Currently Amended) The computer-readable medium computor program 
product of claim 39, wherein reading the plurality of values further comprises: 

reading at least a source port. 

41. (Currently Amended) The computer-readable medium computer program 
product of claim 39, wherein determining whether the N-tuple address is within the 
N-tuple space, further comprises: 
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determining wfiether tlie N-tuple address is witiiin tlie N-tuple space based a 

comparison between tlie N-tuple address of the packet and the N-tuple space assigned 

to the first processor. 

42. (Currently Amended) The computer-readable medium computor program 
product of claim 39, wherein determining whether the N-tuple address is within the 
N-tuple space, further comprises: 

determining whether the N-tuple address of the packet is within the N-tuple 
space based a quadrant identifier value, wherein the quadrant identifier value 
corresponds to the first processor. 

43. (Currently Amended) The computer-readable medium computor program 
product of claim 42, wherein determining whether the N-tuple address of the packet is 
within the N-tuple space, further comprises: 

determining the quadrant identifier value based on a hash function. 

44. (Currently Amended) A computer-readable medium comprising 
instructions which, when executed bv a processor, perform a method in a firewall cluster 
including a pluralitv of firewall nodes, the method including comput o r program product, 
tho computor program product comprising code for impl e m e nting tho stops of : 

selecting one of the firewall nodes for processing a packet, the selected firewall 
node including a first processor: 

receiving, at the first processor a firct ono of a sot of processors , [[a]] the packet; 
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reading, at the first processor, an N-tuple address of the received packet; 

determining a quadrant identifier based on the read N-tuple address, a hash 
function, and modulo division; 

determining whether the read N-tuple address corresponds to the first processor 
based on the quadrant identifier; 

sending the packet with the N-tuple address, when the quadrant identifier 
corresponds to the first processor; and 

determining a modified N-tuple address, when the quadrant identifier does not 
corresponds to the first processor and sending the packet with the modified N-tuple 
address. 

45. (Currently Amended) A computer-readable medium comprising 
instructions which, when executed bv a processor, perform a method in a firewall 
cluster, the firewall cluster including a plurality of firewall nodes, the method including 
computer program product , th o computor program product comprising code for 
imp l omonting tho stops of : 

selecting one of the firewall nodes for processing a first packet, the selected 
firewall node being associated with a first processor: 

receiving, at [[a]] the first processor, [[a]] the first packet; 

determining as a function of a multidimensional space for representing addresses 
processed by a set of data processors, a first address for the first packet; and 

fonwarding the first packet based on the determined first address. 



